I just finished programming 3 an hour ago, but I don't like my brute force method.My running time varies from 3s to 500s depending on the given values, so I was lucky when I completed it.I want to know how other people have done..Does someone want to describe their method or perhaps show me some code?

i need help with this. i just aneed a simple question answered no spoilers or anything.

on the encryptstring function, there are two arguments, strString (which is what we are trying to figure out) and strPassword. to get strString though, dont we need to know what strPassword is? and to get strPassword, we would have to reverse Md5 encryption which is technically impossible. so am i missing something here? we know the output of the function, and we are trying to find out what strString is, but do we know what strPassword is?

My solution also takes between a few and a few hundred seconds. It is in an interpreted language, so I should be able to speed it up a some. I don't think I'm going to though. For some reason this one took me the longest of all programming challenges.

I don't like the name of this challenge because it isn't really something I think we "reverse" -- it deals with rolling totals and md5's which aren't really reversible (e.g. A total of "100" might be 50+50 or it could be 25+75, but we don't know which case we're dealing with, for instance) -- implying that brute forcing is really the only way we can go about it, but in a way that won't be inefficient and waste a lot of time and resources.

My issue though is still with the fact that you have both a serial string as well as a password string -- both are used as md5's. That is, it's not like we're ONLY using the total of the hex values derived from the password string -- we're actually using the password string itself as well as the serial string in our operations, for instance: ('0x0' . substr($strPasswordMD5, $i%32, 1)) is used in one operation, implying that in our calculations, we must find the full serial string and also know the full password string. This is puzzling me at the moment (would take eons to find all combinations of serials with all combinations of passwords, etc... there must be some shortcut but I'm not seeing it yet).

Will keep cracking at it though

EDIT: I think I just answered my own question, on a second look. We don't *technically* need to know the password, I think... we just need to be able to match the net output of that entire operation where the password just happens to be used.

MrRubix wrote:EDIT: I think I just answered my own question, on a second look. We don't *technically* need to know the password, I think... we just need to be able to match the net output of that entire operation where the password just happens to be used.